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CLAIMS 

1. A method of enabling a client terminal user to 
access target resources managed by a set of resource 
managers within an enterprise computing environment, 
comprising: 

J 

authenticating the user to establish a user primary 
identity; 

mapping the user primary identity to a set of user 
secondary identities; 

authenticating the user to the resource managers 
using the set of user secondary identities; 

following authentication using the set of user 
secondary identities, forwarding resource requests to the 
resource managers; and 

returning replies received from the resource 
managers back to the user. 

2 . The method as described in^ Claim 1 wherein the 
user primary identity is mapped to the set of user 
secondary identities by a sign-on service. 

3 . The method as described in Claim 2 further 
including the step of authenticating cL trusted server to 
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the sign-on service prior to mapping the user primary 
identity to the set of user secondary identities. 

4 . The method as described in Claim 3 wherein the 
trusted server is authenticated to the sign-on service 
before the step of authenticating the user to establish 
the user primary identity. 

5 . The method as described in Claim 3 wherein the 
trusted server is authenticated to the sign-on service 
after the step of authenticating the user to establish 
the user primary identity. 

6 . The method as described in Claim 3 wherein the 
user is authenticated to establish the user primary 
identity using an authentication service associated with 
the trusted server. 

7 . The method as described in Claim 1 further 
including the step of load balancing resource requests 
across a set of instances of a given resource manager. 
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8. The method as described in Claim 1 wherein the 
client terminal user accesses the enterprise computing 
environment over the Internet . 



5 9. The method as described in Claim 1 wherein the 

user is authenticated to a given resource manager using 
an authentication service associated with the given 
resource manager. 
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10. A method for enabling a client terminal user to 
access target resources managed by a set of resource 
managers operative within an enterprise computing 
environment, wherein the environment has an associated 
5 sign-on service, Comprising: 

responsive to request received from a user of the 
client terminal, authenticating the user to establish an 
identity; 

using the identity, ac6^ssing the sign-on service to 
10 retrieve a set of stored user Vuthentication information; 

performing a sign-on to the >set of resource managers 
using the retrieved user authentica\ion information; and 
forwarding the request to a given\resource manager; 

and 

15 forwarding a reply received from the giyen resource 

manager back to the user. 
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11. A method for enabling a client terminal user to 
access target resources managed by a set of resource 
managers operative within an enterprise computing 
environment, wherein the environment has an associated 
5 sign-on service, comprising: 

having the client terminal user perform a primary 
logon to an intermediary server to establish a user 
primary identity; 

having the intermediary server pass the user's 
10 primary identity to the sign-on service and, in response, 
obtaining a set of user secondary identities that may be 
used in enabling the intermediary server to represent the 
client terminal user to the resource managers; 

having the intermediary server perform a secondary 
15 logon to a first resource manager using a first user 
secondary identity; 

having the intermediary server perform a secondary 
logon to a second resource manager using a second user 
secondary identity; 
20 having the intermediary server perform resource 

requests at the first and second resource managers under 
the respective secondary identities; and 

forwarding responses back to the client terminal 

user . 
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12.. In an enterprise computing environment having a 



set of resource managers and a sign-on service, the 



improvementX comprising : 

a serverX (a) for authenticating a user to establish 
a user primary Vccount , (b) for cooperating with the 
sign-on service t<5 delegate the user primary account to a 
set of user secondary accounts; (c) for logging onto the 
set of resource managers using the user secondary 
accounts; and (d) for passing resource requests from the 
user to the resource manager^ under the user secondary 
accounts . 



13. In the enterprise computingy environment as 
15 described in Claim 12 wherein the servers passes replies 
to the resource requests back to the user.^ 
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14, A server for use in an enterprise computing 
environmentyiaving a set of resource managers and a sign- 
on service, cosmrising : 

means for auts^enticating a user to establish a user 
5 primary accounts- 
means for authentic^ing the server to the sign-on 
services- 
means for logging onto th^set of resource managers 
using a set of user secondary accosts returned from the 
10 sign-on service; and 

means for passing resource requests "knd associated 
replies between the user and the resource managers, 

15. The server as described in Claim 14 further 
15 including means for load balancing resource requests 

passed to a set of instances of a given resource manager, 
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ISw A system, comprising: 



a seu\of resource managers; 



a sign on\service; 
a server, con^trising : 

means for authen treating users to establish user 
primary accounts; 

means for logging a givenNuser onto the set of 
resource managers using a set of ii^r secondary accounts 
for the given user retrieved from the s^gn on service; 
and 

means for passing resource requests and Associated 

replies between the given user and the resource managers 

\ 



17. The system as described in Claim 16 wherein at 
least one resource manager comprises a set of instances. 



18. The system as described in Claim 17 wherein the 
server further includes means for load balancing resource 
requests across the set of instances. 

19. The system as described in Claim 16 wherein the 
server comprises a set of instances. 
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20. The system as described in Claim 19 further 
including a manager that manages the set of server 
instances . 
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A computer program product in a computer- 



useable medium executable in a processor of a server. 



comprising; 

means for c^Jthenticating a user to establish a user 
5 primary account; 

means for authent3>^ating the server to a sign-on 
service; 

means for logging onto a^et of resource managers 
using a set of user secondary accxxjints returned from the 
10 sign-on service ; and 

means for passing resource requestsNand associated 
replies between the user and the resource managers. 
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